ROC920010145US1 



FIG. 1A (sheet 1/9)



FIG. 1B (sheet 2/9)

ONGOING SYSTEM INTEGRITY SOFTWARE PRODUCT PROTECTION PROGRAM 132
CORE PRODUCT LOAD MANIFEST 200
CORE PRODUCT LOAD MANIFEST WITH CHAINED AMENDMENT 300
CORE PRODUCT LOAD MANIFEST 400 WITH HEADER USE FOR ADDITIONAL DIGITAL SIGNING REQUIREMENTS
OPERATING SYSTEM 130



FIG. 2 (sheet 3/9)

CORE PRODUCT LOAD MANIFEST 200

MANIFEST HEADER 202; SIGNATURE 210
ITEM 1 204; ATTRIBUTES 212: -CORE ITEM, -SIGNED/UNSIGNED, -ETC.; PROGRAM 214; SIGNATURE 216
ITEM 2 206; ATTRIBUTES 212: -CORE ITEM; FILE 218
ITEM N 208; ATTRIBUTES 212: -CORE ITEM; PROGRAM 220; SIGNATURE 222



FIG. 3 (sheet 4/9)

CORE PRODUCT LOAD MANIFEST WITH CHAINED AMENDMENT 300

MANIFEST HEADER 202; SIGNATURE 210
ITEM 1 204; ATTRIBUTES 212; PROGRAM 214; SIGNATURE 216
ITEM 2 206; ATTRIBUTES 212; FILE 218
ITEM N 208; ATTRIBUTES 212; PROGRAM 220; SIGNATURE 222

MANIFEST HEADER 302; SIGNATURE 310
ITEM (N+1) 304; ATTRIBUTES 312: -ADDED ITEM; NEW FILE 318; (UNSIGNED)
ITEM 2 306; ATTRIBUTES 312: -DELETED ITEM
ITEM (N+M) 308; ATTRIBUTES 312: -ADDED ITEM; NEW PROGRAM 324; SIGNATURE 326



FIG. 4 (sheet 5/9)

CORE PRODUCT LOAD MANIFEST 400 WITH HEADER USE FOR ADDITIONAL DIGITAL SIGNING REQUIREMENTS

PROPERTIES OF MANIFEST: -PATTERN ex. /bin/q*.pgm, -ETC. (OTHER PROPERTIES); SIGNATURE 410
q1.pgm 404; -ATTRIBUTES 412; q1.pgm 414; SIGNATURE 416
q2.pgm 406; -ATTRIBUTES 412; q2.pgm 418; SIGNATURE 420
qN.pgm 408; -ATTRIBUTES 412; qN.pgm 422; SIGNATURE 424



FIG. 5A (sheet 6/9)

CREATION OF ORIGINAL MANIFEST

DATA INPUTS

Attributes of manifest 500 (AKA PROPERTIES, E.G. ORIGINAL MANIFEST, PATTERN /bin/q*.pgm)
LIST OF ITEMS TO GO INTO THE MANIFEST AND EACH ITEM'S ATTRIBUTES 504
CERTIFICATE X AND PRIVATE KEY K 508

PROCESSING

CREATE THE MANIFEST HEADER AND INCLUDE THE HEADER PROPERTIES 502
PUT EACH ITEM IN THE LIST ALONG WITH ANY ATTRIBUTES (E.G., WHETHER SIGNABLE) 506
COPY CERTIFICATE X INTO HEADER AND COMPUTE SIGNATURE OF EACH SIGNABLE ITEM USING PRIVATE KEY Y AND CERTIFICATE X AND STORE SIGNATURE WITH THE POINTED TO ITEM SEPARATE FROM MANIFEST 510
SIGN MANIFEST AND STORE DIGITAL SIGNATURE IN THE HEADER. DISCARD PRIVATE KEY (NOT SHIPPED WITH PROGRAM) 512



FIG. 5B (sheet 7/9)

CREATION OF AMENDED MANIFEST

DATA INPUTS

Attributes of manifest 520 (AKA PROPERTIES, E.G. AMENDED MANIFEST, NAME OF ORIGINAL MANIFEST)
LIST OF ITEMS TO GO INTO THE MANIFEST AND EACH ITEM'S ATTRIBUTES (TYPICAL AMENDMENT INCLUDES WHETHER ITEM WAS DELETED OR ADDED AFTER ORIGINAL MANIFEST WAS CREATED) 524
CERTIFICATE X AND PRIVATE KEY K 528

PROCESSING

CREATE THE MANIFEST HEADER AND INCLUDE THE HEADER PROPERTIES 522
PUT EACH ITEM IN THE LIST ALONG WITH ANY ATTRIBUTES (E.G., WHETHER SIGNABLE, ADDED, DELETED) 526
COPY CERTIFICATE X INTO HEADER AND COMPUTE SIGNATURE OF EACH SIGNABLE ITEM USING PRIVATE KEY Y AND CERTIFICATE X AND STORE SIGNATURE WITH POINTED TO ITEM SEPARATE FROM MANIFEST 530
SIGN MANIFEST AND STORE DIGITAL SIGNATURE IN THE HEADER. DISCARD PRIVATE KEY (NOT SHIPPED WITH PROGRAM) 532



FIG. 5C (sheet 8/9)

PRODUCT MANIFEST CHAIN 540 USING A SINGLE LINKED LIST

ORIGINAL MANIFEST 542
AMENDED MANIFEST 1 544
AMENDED MANIFEST X 546
AMENDED MANIFEST Y 548
556


